From 6d76624e91dd2639479df5234bacc2b83db755e4 Mon Sep 17 00:00:00 2001
From: csoler <csoler@users.sourceforge.net>
Date: Sat, 27 May 2017 23:16:20 +0200
Subject: [PATCH 1/2] fixed uninitialized memory read in grouter

---
 libretroshare/src/grouter/p3grouter.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libretroshare/src/grouter/p3grouter.cc b/libretroshare/src/grouter/p3grouter.cc
index 729e778ce..0717ee15f 100644
--- a/libretroshare/src/grouter/p3grouter.cc
+++ b/libretroshare/src/grouter/p3grouter.cc
@@ -1990,7 +1990,7 @@ bool p3GRouter::signDataItem(RsGRouterAbstractMsgItem *item,const RsGxsId& signi
         std::cerr << "Created    signature for data hash: " << RsDirUtil::sha1sum(data,data_size) << " and key id=" << signing_id << std::endl;
 //#endif
         // Check signature
-        RsIdentityUsage::UsageCode info;
+        RsIdentityUsage::UsageCode info = RsIdentityUsage::GLOBAL_ROUTER_SIGNATURE_CREATION;
         uint32_t error;
 
         if(verifySignedDataItem(item,info,error))

From 0868b6443642fa241dfd09e10d1f77e78e9de5e8 Mon Sep 17 00:00:00 2001
From: csoler <csoler@users.sourceforge.net>
Date: Sun, 28 May 2017 22:49:07 +0200
Subject: [PATCH 2/2] fixed uninitialized memory read in GxsTrans msg Id

---
 libretroshare/src/gxs/gxssecurity.cc     | 2 +-
 libretroshare/src/gxstrans/p3gxstrans.cc | 3 +++
 libretroshare/src/pqi/authssl.cc         | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/libretroshare/src/gxs/gxssecurity.cc b/libretroshare/src/gxs/gxssecurity.cc
index 6868d6934..9dd826183 100644
--- a/libretroshare/src/gxs/gxssecurity.cc
+++ b/libretroshare/src/gxs/gxssecurity.cc
@@ -359,7 +359,7 @@ bool GxsSecurity::getSignature(const char *data, uint32_t data_len, const RsTlvP
 	ok &= EVP_SignUpdate(mdctx, data, data_len) == 1;
 
 	unsigned int siglen = EVP_PKEY_size(key_priv);
-	unsigned char sigbuf[siglen];
+    unsigned char sigbuf[siglen] = { 0 };
 	ok &= EVP_SignFinal(mdctx, sigbuf, &siglen, key_priv) == 1;
 
 	// clean up
diff --git a/libretroshare/src/gxstrans/p3gxstrans.cc b/libretroshare/src/gxstrans/p3gxstrans.cc
index f95c51a58..8bba9130b 100644
--- a/libretroshare/src/gxstrans/p3gxstrans.cc
+++ b/libretroshare/src/gxstrans/p3gxstrans.cc
@@ -87,7 +87,10 @@ bool p3GxsTrans::sendData( RsGxsTransId& mailId,
 	}
 
 	OutgoingRecord pr( recipient, service, data, size );
+
+    pr.mailItem.clear();
 	pr.mailItem.meta.mAuthorId = own_gxsid;
+	pr.mailItem.meta.mMsgId.clear();
 	pr.mailItem.cryptoType = cm;
 	pr.mailItem.mailId = RSRandom::random_u64();
 
diff --git a/libretroshare/src/pqi/authssl.cc b/libretroshare/src/pqi/authssl.cc
index 30f724a7e..8d28b2678 100644
--- a/libretroshare/src/pqi/authssl.cc
+++ b/libretroshare/src/pqi/authssl.cc
@@ -599,7 +599,7 @@ bool AuthSSLimpl::SignData(const void *data, const uint32_t len, std::string &si
 
 	EVP_MD_CTX *mdctx = EVP_MD_CTX_create();
         unsigned int signlen = EVP_PKEY_size(mOwnPrivateKey);
-	unsigned char signature[signlen];
+	unsigned char signature[signlen] = { 0 };
 
 	if (0 == EVP_SignInit(mdctx, EVP_sha1()))
 	{